Which area has the worst track record for its implementation of cybersecurity? PKI/Digital Certificates? Key Management? OAuth? Well, it is likely to be within embedded devices and IoT. Overall, it seems like a dream, but what if we could design systems which were “secure-by -design”, and not have to fix problems later on.
So, if you are into cybersecurity, you will know all about the MITRE ATT&CK framework, and which allows organisations to classify a threat and then find mitigations for it. There are then 18 stages for an attack, from reconnaissance to impact:
MITRE has also applied this to mobile devices and critical infrastructure. However, one area is still weak in terms of the formal classification of threads: embedded devices. For this, they have released the EMB3D threat map, and which integrates the ATT&CK framework and CVE (Common Vulnerabilities) and CWE (Common Weakness Enumeration) data sources [here]:
In this, we split the threats into the classifications of application software, system software…
